Extending a wordlist
#1
Hello everyone,

I'm moving my first steps with hashcat, so please forgive me if I posted in the wrong section or I'm saying something "stupid".
At the moment I'm trying to crack a list of about 1k md5 hashes using a dictionary attack, I have collected several wordlists and merged them in a single one.
Sadly, but as expected, I could only recover 50 of these hashes: I tried to play with rules and combine them, but I'm not doing any significant progress (just 1-2 more password were found).

So my question is: when you get stuck, how do you move on?
Do you improve your wordlist, create new rules or fallback to bruteforce?

Speaking of which, I have found several "wordlists" that are full of random chars, are they useful or not? Isn't that the same output that you could get from a masked/bruteforce attack?

Finally, how do you deal with found passwords?
Let's say you find the password S3cr3t123, what do you do with that?
First of all, are you going to include it in any wordlist? After all, in the same way you just found it, you'll be able to find it again...
And if you add it, do you pre-process it in any way? I was thinking of "cleaning" it to secret, so other rules could use it.

Sorry for the swarm of questions Smile
#2
To many questions Smile I will answer some of them, maybe a different person will answer some other ones..

> when you get stuck, how do you move on?

Different ways. append + prepend stacked rules Hybrid, Random-Rules, again random-rules, Morph, table attack stdin, when nothing helps BF

> I have found several "wordlists" that are full of random chars, are they useful or not?

They are gold if they are real passwords. There is a good chance the user will reuse it (unless it came out of a password manager, but we don't know that)

> Isn't that the same output that you could get from a masked/bruteforce attack?

Yeah, the difference is a much higher chance

> How do you deal with found passwords?

I'm about to write an article on this topic for a new security magazine. Once it's released I will post an info
#3
Thank you very much for your answers!
Can you please post here a link to the article when it's ready? It would be very interesting.
#4
(06-26-2014, 01:14 PM)atom Wrote: > How do you deal with found passwords?

I'm about to write an article on this topic for a new security magazine. Once it's released I will post an info

Did you had any chance to create such article? It would be a very interesting reading.